New Era Technology and GDPR

On May 25th 2018, the General Data Protection Regulation takes effect in the EU.

So… what is GDPR and how does it affect you?

The EU General Data Protection Regulation (GDPR) is a new data protection law, which will replace the existing EU laws. It aims to strengthen the protection of “personal data” paying particular attention to the way that data is now used and shared through internet and cloud technologies.

The EU wants to give people more control over how their data is used, whilst making a simpler, clearer a legal framework for organisations who manage, control and process people’s data.

New Era Technology and GDPR

Here at New Era, we have been working hard to ensure we are fully GDPR compliant in time for this landmark privacy law.

This includes our role as ‘data controllers’ for the information we hold on our customers as well as ‘data processors’ for the data our customers hold within our solutions.

FAQs

Our commitment to GDPR

We have, like many organisations, been reviewing our current processes, contracts and policies. We can confirm that all New Era Technology solutions including DB Primary, SchoolPing, the Lifecloud and Able+ already meet the required standards of data protection and are therefore GDPR compliant.

New Era Technology has always been committed to meeting the highest standards of data protection for our customers. Over many years, we have developed systems, infrastructure and practices to ensure the best possible security and resilience. This means that we do not need to make any changes to our existing product security to meet the new requirements.

What is our policy on data sharing?

In line with GDPR we have reviewed our current data sharing agreement to ensure our policies are compliant. You can review a full copy of this policy.

How secure are our solutions?

All New Era Technology SaaS products are hosted on Government accredited cloud hosting services held within the EU or UK. We use TLS encryption for all data in transit. We have internal controls to ensure access to data is strictly controlled to those who require it to fulfil their roles on behalf of the company to deliver the contracted services to The School. Access to our servers is restricted to a very small number of employees who require access for systems maintenance and monitoring purposes. This access is via restricted IPs and is strictly via password control and authentication. Our systems are monitored 24/7 and there are full audit trails.

More information on GDPR

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy. The ICO website outlines the GDPR policy in full detail.